Over the past several years, cyber criminals have hacked into records management systems at the federal, state, and local levels. Once the criminals gain access to a system, they plant a virus that causes problems when you try to retrieve records from it. This malicious software is known as ransomware because, after the criminals take control of your data, they demand a monetary amount to release the records. Ransomware is a major issue because cyber criminals can bring your operations to an immediate halt. Given this threat, you may be asking, “What can I do to better protect my records from ransomware?”
As information technology continues to advance, it is vital that all local government offices and state agencies understand how to mitigate the risks of an attack on their records management systems. Although there are many types of ransomware, the strategies you use to protect yourself are essentially the same. Here are some key strategies that you can employ in your office:
1. Awareness and training: Everyone in your office needs to be aware of what ransomware is, the methods of delivery, and basic security principles to best prevent a system from being infected. You should contact your IT Department to help organize and facilitate this training.
2. Keep all software up-to-date: Ensure your software (operating system, server, anti-virus, firmware, etc.) is updated regularly. Regular software updates are key because these updates often include security components. In addition, your anti-virus software should be set to automatically update and conduct regular scans.
3. Back up your information: Your data should be backed up in multiple locations, primarily in locations that are not constantly connected to the computer or network. Have someone check these backups regularly to ensure that they are accessible.
4. Create a plan to manage a data security breach: Designate an incident response team and outline a plan. Rehearse this plan, making sure it is executable. If you are unable to do this internally, then consider hiring a third-party vendor who can respond to an attack, helping you mitigate the impact a situation like ransomware may have.
Lastly, if an attack occurs in your office or agency, you might wonder, “Should we pay the ransom?” According to the Federal Bureau of Investigation, you should not pay because it only encourages more extortion by the cyber criminals. If your office or agency is infected with ransomware, you should immediately contact federal law enforcement for assistance.
Ransomware can be devastating to any organization. These viruses attack electronic records in various forms, such as Word documents, email, and Excel spreadsheets. By following the above strategies, you not only increase the security of your records management system but also ensure that, in the unlikely event of a data breach, there is a feasible plan to access backup files and reduce the amount of downtime in your office or agency.
The security of electronic records is a joint responsibility of RM and IT. The following link provides the FBI’s best practices and mitigation strategies collected from government and private industry: https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view.
Let us know what successes or challenges you are having in the protection of your electronic records in the comments below.